Nexus OCSP Responder scales well with a server of multiple cores. More memory can be required when many logical responders are hosted in a single server instance and large CRLs are loaded by the responder. For load tests, also consider the HSM performance to not introduce a bottle-neck. Performance is affected by the Nexus OCSP Responder signing key length.

The following operating systems are supported:

• CentOS 7, 8
• Red Hat Enterprise Linux 7, 8
• SUSE Linux Enterprise Server 15
• OpenSUSE Leap 15
• Microsoft Windows 2012 Server
• Microsoft Windows 2016 Server
• Microsoft Windows 2019 Server

The following software is supported:

• 64-bit Java Runtime Environment (JRE) version 11.
• Nexus OCSP Responder is compatible with both OpenJDK and Oracle Java.

It is important that all participants in a PKI use the same time standard. Specifically Nexus OCSP Responder has to agree on the time with the CAs issuing CRLs/CILs and with the OCSP clients.

Make sure these clocks are synchronized, that is, the participants are using a synchronization protocol such as Network Time Protocol, NTP.

The following key types and corresponding signature algorithms in certificate, CA, CRL, CIL, and responder certificate are supported:

Key types

• RSA
• RSASSA-PSS
• EC
• Edward

Algorithms

• SHA-1
• SHA-2
• ECDSA
• EDDSA